﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Configuration;
using System.Collections;
using wdss.WebServices;


namespace wdss.GUI
{
    public partial class SendNewPassword : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
            Response.Expires = -1500;
            Response.CacheControl = "no-cache";
            username_lbl.Text = (string)Session["username"];
            username_lbl.Visible = true;
            question_lbl.Text = (string)Session["question"];
        }

        protected void fetch_btn_Click(object sender, EventArgs e)
        {
            int userid = (int)Session["userid"];
            string answer = answer_txt.Text;
            NewPasswordService matchDetails = new NewPasswordService();
            SQLInjectionDetectionService injection = new SQLInjectionDetectionService();
            DetectXSSAttemptService xss = new DetectXSSAttemptService();
            if (injection.DetectSQL(answer))
            {
                Session.Clear();
                Server.Transfer("~/GUI/Login.aspx");
            }
            if (xss.IsXSSInjection(answer))
            {
                Session.Clear();
                Server.Transfer("~/GUI/Login.aspx");

            }
            answer = xss.EncodeString(answer);

            bool success = matchDetails.match(userid, answer, role_list.SelectedIndex+1, dept_list.SelectedIndex+1);
            if (success == true)
            {
                LogService log = new LogService();
                log.LogAction("User " + username_lbl.Text + " has requested for a new password");
                EmailClientService mail = new EmailClientService();
                bool mailSent = mail.sendMail(username_lbl.Text);
                HttpContext.Current.Response.Write("<script>alert(' New password has been sent to your ID.\nPlease change it after first login. ')</script>");
                //Response.Write("<script language=javascript>window.location.href='" + Request.Url.ToString() + "'</script>");
                
                Session.Clear();
                Server.Transfer("~/GUI/Login.aspx");
            }
            else
            {
                HttpContext.Current.Response.Write("<script>alert(' The entered details did not match! ')</script>");
                //Response.Write("<script language=javascript>window.location.href='" + Request.Url.ToString() + "'</script>");
                Session.Clear();
                Server.Transfer("~/GUI/Login.aspx");
            }
        }
    }
}
